chore(release): 1.0.16 [skip ci]

## [1.0.16](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.15...v1.0.16) (2026-03-14)

.github/workflows/codeql.yml

@@ -1,46 +1,34 @@
 ---
 # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
-name: 'CodeQL'
+name: "CodeQL"
 
 on:
   push:
-    branches: ['main']
+    branches: ["main"]
   pull_request:
-    branches: ['main']
+    branches: ["main"]
   schedule:
-    - cron: '30 1 * * 0' # Run at 1:30 AM UTC every Sunday
+    - cron: "30 1 * * 0"
   merge_group:
 
-permissions:
-  actions: read
-  contents: read
+permissions: {}
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
+      actions: read
+      contents: read
+      packages: read
       security-events: write
-
     strategy:
       fail-fast: false
       matrix:
-        language: ['javascript'] # Add languages used in your actions
-
+        language: ["actions", "javascript"]
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
+      - name: CodeQL Analysis
+        uses: ivuorinen/actions/codeql-analysis@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11
         with:
-          languages: ${{ matrix.language }}
+          language: ${{ matrix.language }}
           queries: security-and-quality
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
-        with:
-          category: '/language:${{matrix.language}}'

.github/workflows/pr-lint.yml

@@ -6,6 +6,8 @@ on:
   pull_request:
     branches: [master, main]
 
+permissions: {}
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -27,10 +29,10 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
       - name: Yarn Lock Changes
-        uses: Simek/yarn-lock-changes@61d1a0595070b79c1abdc8e1e5a5f5d98b18918c # v0.12.2
+        uses: Simek/yarn-lock-changes@59f47ee499424d2c2437c5aebf863b5c6d50a5bc # v0.14.1
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Run PR Lint
         # https://github.com/ivuorinen/actions
-        uses: ivuorinen/actions/pr-lint@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73 # v2026.01.21
+        uses: ivuorinen/actions/pr-lint@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11

.github/workflows/publish.yml

@@ -6,7 +6,7 @@ on:
     branches:
       - main
 
-permissions: read-all
+permissions: {}
 
 env:
   NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
@@ -26,7 +26,7 @@ jobs:
     steps:
       - name: Run PR Lint
         # https://github.com/ivuorinen/actions
-        uses: ivuorinen/actions/pr-lint@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73 # v2026.01.21
+        uses: ivuorinen/actions/pr-lint@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11
 
   publish:
     name: Publish
@@ -46,7 +46,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Node.js Environment
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           always-auth: true
           node-version-file: ".nvmrc"
@@ -58,7 +58,7 @@ jobs:
         run: npm install -g corepack --force && corepack enable
 
       - name: Cache Node Modules
-        uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
+        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         id: cache
         with:
           path: node_modules
@@ -72,5 +72,5 @@ jobs:
       - name: Semantic Release
         uses: cycjimmy/semantic-release-action@b12c8f6015dc215fe37bc154d4ad456dd3833c90 # v6.0.0
         env:
-          GITHUB_TOKEN: ${{ secrets.PAT }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/stale.yml

@@ -8,10 +8,7 @@ on:
   workflow_call:
   workflow_dispatch:
 
-permissions:
-  contents: read
-  packages: read
-  statuses: read
+permissions: {}
 
 jobs:
   stale:
@@ -23,4 +20,4 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: ivuorinen/actions/stale@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73 # v2026.01.21
+      - uses: ivuorinen/actions/stale@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11

.github/workflows/sync-labels.yml

@@ -20,7 +20,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions: read-all
+permissions: {}
 
 jobs:
   labels:
@@ -38,4 +38,4 @@ jobs:
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: ⤵️ Sync Latest Labels Definitions
-        uses: ivuorinen/actions/sync-labels@f98ae7cd7d0feb1f9d6b01de0addbb11414cfc73 # v2026.01.21
+        uses: ivuorinen/actions/sync-labels@7f6a23b59316795c4b3cb3b3b28dd53e53655a33 # v2026.03.11

.github/workflows/update-browserslist.yaml

@@ -7,13 +7,14 @@ on:
     - cron: '0 2 1,15 * *'
   workflow_dispatch:
 
-permissions:
-  contents: write
-  pull-requests: write
+permissions: {}
 
 jobs:
   update-browserslist-database:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -21,7 +22,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Node.js Environment
-        uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           always-auth: true
           node-version-file: '.nvmrc'

.nvmrc

@@ -1 +1 @@
-24.13.0
+24.14.0

.pre-commit-config.yaml

@@ -23,7 +23,7 @@ repos:
         args: [--autofix, --no-sort-keys]
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.47.0
+    rev: v0.48.0
     hooks:
       - id: markdownlint
         args: [-c, .markdownlint.json, --fix]
@@ -45,18 +45,18 @@ repos:
         args: ['--severity=warning']
 
   - repo: https://github.com/rhysd/actionlint
-    rev: v1.7.10
+    rev: v1.7.11
     hooks:
       - id: actionlint
         args: ['-shellcheck=']
 
   - repo: https://github.com/renovatebot/pre-commit-hooks
-    rev: 42.84.0
+    rev: 43.4.2
     hooks:
       - id: renovate-config-validator
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: '3.2.499'
+    rev: '3.2.508'
     hooks:
       - id: checkov
         args:

.releaserc.json

@@ -1,3 +1,4 @@
 {
-  "extends": ["@ivuorinen/semantic-release-config"]
+  "extends": ["@ivuorinen/semantic-release-config"],
+  "branches": ["main"]
 }

CHANGELOG.md

@@ -3,6 +3,36 @@
 All notable changes to this project will be documented in this file. See
 [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [1.0.16](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.15...v1.0.16) (2026-03-14)
+
+## [1.0.15](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.14...v1.0.15) (2026-03-12)
+
+## [1.0.14](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.13...v1.0.14) (2026-03-09)
+
+## [1.0.13](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.12...v1.0.13) (2026-03-07)
+
+## [1.0.12](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.11...v1.0.12) (2026-03-07)
+
+## [1.0.11](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.10...v1.0.11) (2026-03-06)
+
+## [1.0.10](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.9...v1.0.10) (2026-03-05)
+
+## [1.0.9](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.8...v1.0.9) (2026-03-05)
+
+## [1.0.8](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.7...v1.0.8) (2026-03-05)
+
+## [1.0.7](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.6...v1.0.7) (2026-03-04)
+
+## [1.0.6](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.5...v1.0.6) (2026-03-02)
+
+## [1.0.5](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.4...v1.0.5) (2026-03-01)
+
+## [1.0.4](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.3...v1.0.4) (2026-02-27)
+
+## [1.0.3](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.2...v1.0.3) (2026-02-27)
+
+## [1.0.2](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.1...v1.0.2) (2026-02-27)
+
 ## [1.0.1](https://github.com/ivuorinen/base-configs-browserslist/compare/v1.0.0...v1.0.1) (2026-01-29)
 
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ivuorinen/browserslist-config",
-  "version": "1.0.1",
+  "version": "1.0.16",
   "description": "ivuorinen's shareable configuration for Browserslist.",
   "type": "module",
   "author": {
@@ -43,12 +43,11 @@
     "postinstall": "node scripts/postinstall.cjs"
   },
   "dependencies": {
-    "@ivuorinen/config-checker": "^2",
+    "@ivuorinen/config-checker": "^2.1.2",
     "browserslist": "^4.28.1"
   },
   "devDependencies": {
-    "@ivuorinen/semantic-release-config": "^1.0.0",
-    "@types/browserslist": "^4.15.4"
+    "@ivuorinen/semantic-release-config": "^1.1.3"
   },
   "packageManager": "yarn@4.12.0"
 }